<?php

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  // Admin module: group management (create / modify / delete a group, or list
  // groups together with their users and FAQs).
  //
  // This file defines none of the following and reads them as already set:
  // $smarty, $action, $mod, $posted, $group, $error, $AdminFullPath, $AdminSkin,
  // the $faqsql_* callables, $sql_query_error, $SmartyCompileDir and
  // $ClearSmartyCompiled.
  // NOTE(review): presumably they come from the including admin script. Confirm
  // that $action, $mod, $posted and $group are validated there, and that the
  // caller enforces admin authentication and an anti-CSRF check for the POST
  // handlers below, since no such check appears in this file.
  $smarty->assign("OrbitFAQTitle","Group Management");

  if($action != '')
    {
      // Template is chosen per action: mod_<mod>_<action>.tpl under the admin skin.
      // NOTE(review): $mod and $action are interpolated into a filesystem path and
      // neither is validated in this file. If they originate from the request,
      // restrict both to a fixed allow-list before this line so that they cannot
      // carry path separators or "..". TODO confirm where they are set.
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod ."_". $action .".tpl";

      if($action == 'create')
        {

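          // Handle a submitted "create group" form: validate the name, insert the
          // group row, insert one membership row per selected user and one access
          // row per selected FAQ, then redirect to the module listing. On a
          // validation error the submitted values are handed back to the template.
          if($posted == 'yes')
            {

              // Missing or non-string fields become '' instead of raising notices.
              // strip_tags() removes markup only: quotes and backslashes pass
              // through, so it does not make a value safe inside an SQL literal.
              $posted_groupname = (isset($_POST['posted_groupname']) && is_string($_POST['posted_groupname'])) ? strip_tags($_POST['posted_groupname']) : '';
              $posted_grantonreg = (isset($_POST['posted_grantonreg']) && is_string($_POST['posted_grantonreg'])) ? strip_tags($_POST['posted_grantonreg']) : '';
              $posted_users = isset($_POST['posted_users']) ? $_POST['posted_users'] : '';
              $posted_faqs = isset($_POST['posted_faqs']) ? $_POST['posted_faqs'] : '';

              if(!$posted_groupname){ $error .= " &raquo; You did not enter a <u>Group Name</u><br />"; }

                if(!$error)
                  {

                    // SECURITY NOTE(review): $posted_groupname and $posted_grantonreg are
                    // request data concatenated into the statement (SQL injection). The
                    // escaping routine of the database layer is not visible from this
                    // file; escape both with it, or move to prepared statements.
                    // On failure die() prints the full SQL text to the browser.
                    $query_add = "INSERT INTO `orbitfaq_groups` (
                        `title`,
                        `grantonreg`
                      )VALUES(
                        '$posted_groupname',
                        '$posted_grantonreg'
                      );

                    ";
                    $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");
                    $group_id = $faqsql_insertid();

                    // Only iterate a real array; a scalar posted_users is ignored
                    // rather than passed to foreach.
                    if(is_array($posted_users))
                      {
                        foreach($posted_users as $useracl)
                          {
                              // Nested arrays cannot be a user id; skip them.
                              if(!is_scalar($useracl)){ continue; }

                              // SECURITY NOTE(review): $useracl comes straight from the
                              // request and is not escaped. If u_id is an integer key
                              // (TODO confirm against the schema), cast it with (int)
                              // before it is placed in the statement.
                              $query_addacl = "INSERT INTO `orbitfaq_users_groups` (
                                  `u_id`,
                                  `g_id`
                                )VALUES(
                                  '$useracl',
                                  '$group_id'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                    if(is_array($posted_faqs))
                      {
                        foreach($posted_faqs as $faqacl)
                          {
                              if(!is_scalar($faqacl)){ continue; }

                              // SECURITY NOTE(review): same as above for $faqacl / f_id.
                              $query_addacl = "INSERT INTO `orbitfaq_groups_access` (
                                  `f_id`,
                                  `g_id`
                                )VALUES(
                                  '$faqacl',
                                  '$group_id'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                    // URL-encode both query values so spaces and reserved characters
                    // cannot break the Location header or add parameters.
                    $message = "Group Was Successfully Created";
                    header("Location: index.php?mod=" . urlencode($mod) . "&message=" . urlencode($message));

                    exit;

                  }

                // Validation failed: give the submitted values back to the form.
                // NOTE(review): strip_tags() leaves quotes intact; confirm the template
                // HTML-escapes posted_groupname / posted_grantonreg on output.
                $smarty->assign("posted_groupname","$posted_groupname");
                $smarty->assign("posted_grantonreg","$posted_grantonreg");
                $smarty->assign("Errors","$error");

            }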

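                // Build the user and FAQ pulldowns for the create form. Entries that
                // were part of a rejected submission are marked 'selected' again.
                // Both lists start empty so nothing is inherited from an outer scope.
                $smarty_userspd_array = array();
                $smarty_faqpd_array = array();

                // NOTE(review): SELECT * loads every column of orbitfaq_users although
                // only positions 0, 2 and 3 are read; naming the columns would avoid
                // pulling unrelated fields and would not depend on column order.
                $query_users = "SELECT * from orbitfaq_users ORDER BY fullname ASC";
                $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

                while ($row_users = $faqsql_fetch_array ($result_users)){
                  $users_id = $row_users[0];
                  $users_login = $row_users[2];
                  $users_fullname = $row_users[3];

                  $users_name = "$users_fullname ($users_login)";

                  // Default to "not selected" on every row; the flag is only set when
                  // a submitted selection exists and contains this id.
                  $users_selected = '';
                  if(isset($posted_users) && is_array($posted_users) && in_array($users_id, $posted_users))
                    {
                      $users_selected = 'selected';
                    }

                  // Build Smarty Content Array
                  // NOTE(review): full name and login are stored values; confirm the
                  // template HTML-escapes users_fullname on output.
                  $smarty_userspd_array[] = array(
                     "users_id" => "$users_id",
                     "users_fullname" => "$users_name",
                     "users_selected" => "$users_selected"
                   );

                }

                // Send our Smarty Data
                $smarty->assign('UserPulldown',$smarty_userspd_array);

                $query_faq = "SELECT * from orbitfaq ORDER BY faq_order ASC";
                $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

                while ($row_faq = $faqsql_fetch_array ($result_faq)){
                  $faq_id = $row_faq[0];
                  $faq_title = $row_faq[1];

                  $faq_selected = '';
                  if(isset($posted_faqs) && is_array($posted_faqs) && in_array($faq_id, $posted_faqs))
                    {
                      $faq_selected = 'selected';
                    }

                  // Build Smarty Content Array
                  $smarty_faqpd_array[] = array(
                     "faq_id" => "$faq_id",
                     "faq_title" => "$faq_title",
                     "faq_selected" => "$faq_selected"
                   );

                }

                // Send our Smarty Data
                $smarty->assign('FAQPulldown',$smarty_faqpd_array);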

      } // End Create
    elseif($action == 'modify')
      {
        if($group != '')
          {

          if($posted == 'yes')
            {


              // Read the submitted "modify group" form.
              // NOTE(review): strip_tags() removes markup only; quotes and backslashes
              // pass through, and these values are later placed inside SQL string
              // literals. posted_users / posted_faqs are taken from the request as-is
              // and are not checked to be arrays.
              $posted_id = strip_tags($_POST['posted_id']);
              $posted_groupname = strip_tags($_POST['posted_groupname']);
              $posted_grantonreg = strip_tags($_POST['posted_grantonreg']);
              $posted_users = $_POST['posted_users'];
              $posted_faqs = $_POST['posted_faqs'];

              // Any falsy name is rejected, which includes the string "0".
              if(!$posted_groupname){ $error .= " &raquo; You did not enter a <u>Group Name</u><br />"; }
              // NOTE(review): this checks $group, but the UPDATE/DELETE statements that
              // follow are keyed on $posted_id; the two values are never compared.
              if(!$group){ $error .= " &raquo; We are having a problem finding your group id<br />"; }

              if(!$error)
                {

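                  // Apply the modification: update the group row, then replace its user
                  // membership rows and FAQ access rows (delete all, re-insert the
                  // submitted selection) and redirect to the module listing.
                  //
                  // The group id is an auto-increment key (the create branch takes it
                  // from $faqsql_insertid()), so force it to an integer before it
                  // reaches any statement.
                  $posted_id = (int) $posted_id;

                  // SECURITY NOTE(review): $posted_groupname and $posted_grantonreg are
                  // request data concatenated into the statement (SQL injection). Escape
                  // them with the database layer's escaping routine, which is not
                  // visible from this file, or move to prepared statements.
                  // NOTE(review): no transaction is opened here and every query die()s
                  // on error, so a failure part-way leaves the group with its old rows
                  // deleted and only some new ones inserted. die() also prints the full
                  // SQL text to the browser.
                  $query_update = "UPDATE `orbitfaq_groups` SET
                        `title` = '$posted_groupname',
                        `grantonreg` = '$posted_grantonreg'
                      WHERE `id` = '$posted_id'
                    ;

                  ";

                  $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                  // Delete Our Users ACL
                  $query_delete = "DELETE FROM `orbitfaq_users_groups` WHERE `g_id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                    // Only iterate a real array; a scalar posted_users is ignored.
                    if(is_array($posted_users))
                      {
                        foreach($posted_users as $useracl)
                          {
                              // Nested arrays cannot be a user id; skip them.
                              if(!is_scalar($useracl)){ continue; }

                              // SECURITY NOTE(review): $useracl comes straight from the
                              // request and is not escaped. If u_id is an integer key
                              // (TODO confirm against the schema), cast it with (int).
                              $query_addacl = "INSERT INTO `orbitfaq_users_groups` (
                                  `u_id`,
                                  `g_id`
                                )VALUES(
                                  '$useracl',
                                  '$posted_id'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                  // Delete Our FAQ ACL
                  $query_delete = "DELETE FROM `orbitfaq_groups_access` WHERE `g_id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                    if(is_array($posted_faqs))
                      {
                        foreach($posted_faqs as $faqacl)
                          {
                              if(!is_scalar($faqacl)){ continue; }

                              // SECURITY NOTE(review): same as above for $faqacl / f_id.
                              $query_addacl = "INSERT INTO `orbitfaq_groups_access` (
                                  `f_id`,
                                  `g_id`
                                )VALUES(
                                  '$faqacl',
                                  '$posted_id'
                                );

                              ";
                              $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                          }
                      }

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  // URL-encode both query values so spaces and reserved characters
                  // cannot break the Location header or add parameters.
                  $message = "Group Was Successfully Modified!";
                  header("Location: index.php?mod=" . urlencode($mod) . "&message=" . urlencode($message));

                  exit;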

                }
              else
                {

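                  // Validation failed: hand the submitted values back to the template and
                  // rebuild both pulldowns with the submitted selection marked again.
                  // NOTE(review): strip_tags() leaves quotes intact; confirm the template
                  // HTML-escapes these values on output.
                  $smarty->assign("posted_id","$posted_id");
                  $smarty->assign("posted_groupname","$posted_groupname");
                  $smarty->assign("posted_grantonreg","$posted_grantonreg");
                  $smarty->assign("Errors","$error");

                    // Both lists start empty so nothing is inherited from an outer scope.
                    $smarty_userspd_array = array();
                    $smarty_faqpd_array = array();

                    // NOTE(review): SELECT * loads every column of orbitfaq_users although
                    // only positions 0, 2 and 3 are read.
                    $query_users = "SELECT * from orbitfaq_users ORDER BY fullname ASC";
                    $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

                    while ($row_users = $faqsql_fetch_array ($result_users)){
                      $users_id = $row_users[0];
                      $users_login = $row_users[2];
                      $users_fullname = $row_users[3];

                      $users_name = "$users_fullname ($users_login)";

                      // Default to "not selected" on every row; the flag is only set
                      // when the submitted selection is an array containing this id.
                      $users_selected = '';
                      if(isset($posted_users) && is_array($posted_users) && in_array($users_id, $posted_users))
                        {
                          $users_selected = 'selected';
                        }

                      // Build Smarty Content Array
                      $smarty_userspd_array[] = array(
                         "users_id" => "$users_id",
                         "users_fullname" => "$users_name",
                         "users_selected" => "$users_selected"
                       );

                    }

                    // Send our Smarty Data
                    $smarty->assign('UserPulldown',$smarty_userspd_array);

                    $query_faq = "SELECT * from orbitfaq ORDER BY faq_order ASC";
                    $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

                    while ($row_faq = $faqsql_fetch_array ($result_faq)){
                      $faq_id = $row_faq[0];
                      $faq_title = $row_faq[1];

                      $faq_selected = '';
                      if(isset($posted_faqs) && is_array($posted_faqs) && in_array($faq_id, $posted_faqs))
                        {
                          $faq_selected = 'selected';
                        }

                      // Build Smarty Content Array
                      $smarty_faqpd_array[] = array(
                         "faq_id" => "$faq_id",
                         "faq_title" => "$faq_title",
                         "faq_selected" => "$faq_selected"
                       );

                    }

                    // Send our Smarty Data
                    $smarty->assign('FAQPulldown',$smarty_faqpd_array);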
                }

            }
          else
            {

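              // First display of the modify form: load the group row and mark which
              // FAQs and users are currently attached to it.
              //
              // $group is not set in this file. The group id is an auto-increment key
              // (the create branch takes it from $faqsql_insertid()), so only its
              // integer value is allowed into the statements below.
              $group_key = (int) $group;

              // Both lists start empty so nothing is inherited from an outer scope.
              $smarty_faqpd_array = array();
              $smarty_userspd_array = array();

              $query_group = "SELECT * from `orbitfaq_groups` WHERE `id` = '$group_key'";
              $result_group = $faqsql_query ($query_group)OR DIE( "$sql_query_error $query_group");
              $count_group = $faqsql_count_rows($result_group);

              // If no row matches, $posted_groupname / $posted_grantonreg stay unset
              // and the form is rendered with empty fields.
              while ($row_group = $faqsql_fetch_array ($result_group)){
                $group_id = $row_group[0];
                $posted_groupname= $row_group[1];
                $posted_grantonreg = $row_group[2];
              }

                $query_faq = "SELECT * from orbitfaq ORDER BY faq_order ASC";
                $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

                while ($row_faq = $faqsql_fetch_array ($result_faq)){
                  $faq_id = $row_faq[0];
                  $faq_title = $row_faq[1];

                  // Is this FAQ attached to the group? (one lookup per FAQ row)
                  $query_faqacl = "SELECT * from orbitfaq_groups_access WHERE f_id = '$faq_id' AND `g_id` = '$group_key'";
                  $result_faqacl = $faqsql_query ($query_faqacl)OR DIE( "$sql_query_error $query_faqacl");
                  $count_faqacl = $faqsql_count_rows($result_faqacl);

                  $faq_selected = ($count_faqacl != '0') ? 'selected' : '';

                  // Build Smarty Content Array
                  $smarty_faqpd_array[] = array(
                     "faq_id" => "$faq_id",
                     "faq_title" => "$faq_title",
                     "faq_selected" => "$faq_selected"
                   );

                }

                // NOTE(review): SELECT * loads every column of orbitfaq_users although
                // only positions 0, 2 and 3 are read.
                $query_users = "SELECT * from orbitfaq_users ORDER BY fullname ASC";
                $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

                while ($row_users = $faqsql_fetch_array ($result_users)){
                  $users_id = $row_users[0];
                  $users_login = $row_users[2];
                  $users_fullname = $row_users[3];

                  $users_name = "$users_fullname ($users_login)";

                  // Is this user a member of the group? (one lookup per user row)
                  $query_usersacl = "SELECT * from orbitfaq_users_groups WHERE u_id = '$users_id' AND `g_id` = '$group_key'";
                  $result_usersacl = $faqsql_query ($query_usersacl)OR DIE( "$sql_query_error $query_usersacl");
                  $count_usersacl = $faqsql_count_rows($result_usersacl);

                  $users_selected = ($count_usersacl != '0') ? 'selected' : '';

                  // Build Smarty Content Array
                  $smarty_userspd_array[] = array(
                     "users_id" => "$users_id",
                     "users_fullname" => "$users_name",
                     "users_selected" => "$users_selected"
                   );

                }

              // Send our Smarty Data
              // NOTE(review): posted_id is the caller-supplied $group unchanged; confirm
              // the template HTML-escapes it and the stored name on output.
              $smarty->assign('UserPulldown',$smarty_userspd_array);
              $smarty->assign('FAQPulldown',$smarty_faqpd_array);
              $smarty->assign("posted_id","$group");
              $smarty->assign("posted_groupname","$posted_groupname");
              $smarty->assign("posted_grantonreg","$posted_grantonreg");
              $smarty->assign("Errors","$error");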

            }

          }
        else
          {
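            // No group id was supplied for the modify action: send the browser back
            // to the module listing with an error message.
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            // URL-encode both query values so spaces and reserved characters cannot
            // break the Location header or add parameters.
            $message = "You Did Not Enter a Valid Group Id!";
            header("Location: index.php?mod=" . urlencode($mod) . "&message=" . urlencode($message));

            // Stop here like the other redirects in this file do; without it the
            // including script keeps running after the redirect header is set.
            exit;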
          }
      } // End Modify

    elseif($action == 'delete')
      {
        if($group != '')
          {

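          // Handle a submitted "delete group" form: remove the group's membership
          // rows, its FAQ access rows and the group row, then redirect to the
          // module listing. On a validation error execution falls through to the
          // code after this block, which shows the confirmation form again.
          if($posted == 'yes')
            {

              // sanitize_paranoid_string() is not defined in this file.
              // NOTE(review): presumably it reduces the value to alphanumerics; confirm.
              $posted_confirmation = sanitize_paranoid_string($_POST['posted_confirmation']);
              $posted_id = sanitize_paranoid_string($_POST['posted_id']);

              // NOTE(review): $faq_id is never set in the delete branch, so this
              // assigns an empty value; it looks like a leftover from another module.
              $smarty->assign("posted_faq","$faq_id");

              // Only the literal value '0' is rejected. NOTE(review): a request that
              // omits posted_confirmation, or sends any other value, presumably counts
              // as confirmed; compare against the form's affirmative value instead.
              // The deletion is keyed on $posted_id, which is never compared to $group.
              if($posted_confirmation == '0'){ $error .= " &raquo; You did not select an appropriate <u>Confirmation</u><br />"; }

              if(!$error)
                {

                  // The group id is an auto-increment key (the create branch takes it
                  // from $faqsql_insertid()); allow only its integer value into the
                  // statements regardless of what the sanitiser let through.
                  $posted_id = (int) $posted_id;

                  // NOTE(review): the three statements are not wrapped in a transaction
                  // here, and die() prints the full SQL text to the browser on failure.

                  // Delete Our Users ACL
                  $query_delete = "DELETE FROM `orbitfaq_users_groups` WHERE `g_id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  // Delete Our FAQ ACL
                  $query_delete = "DELETE FROM `orbitfaq_groups_access` WHERE `g_id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  // Delete the group row itself
                  $query_delete = "DELETE FROM `orbitfaq_groups` WHERE `id` = '$posted_id';";
                  $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  // URL-encode both query values so spaces and reserved characters
                  // cannot break the Location header or add parameters.
                  $message = "Group was Successfully Deleted!";
                  header("Location: index.php?mod=" . urlencode($mod) . "&message=" . urlencode($message));

                  exit;

                }

            }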

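              // Load the group so the delete confirmation form can show its name.
              // $group is not set in this file; the group id is an auto-increment key
              // (the create branch takes it from $faqsql_insertid()), so only its
              // integer value is allowed into the statement.
              $group_key = (int) $group;

              $query_group = "SELECT * from `orbitfaq_groups` WHERE `id` = '$group_key'";
              $result_group = $faqsql_query ($query_group)OR DIE( "$sql_query_error $query_group");
              $count_group = $faqsql_count_rows($result_group);

              // If no row matches, $group_id and $posted_groupname stay unset and the
              // form is rendered with empty values.
              while ($row_group = $faqsql_fetch_array ($result_group)){
                $group_id = $row_group[0];
                $posted_groupname= $row_group[1];
                $posted_grantonreg = $row_group[2];
              }

                // Assign our smarty details
                // NOTE(review): confirm the template HTML-escapes posted_groupname.
                $smarty->assign("Errors","$error");
                $smarty->assign("posted_id","$group_id");
                $smarty->assign("posted_groupname","$posted_groupname");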

          }
        else
          {
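            // No group id was supplied for the delete action: send the browser back
            // to the module listing with an error message.
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            // This branch is about groups; the message previously said "FAQ Id".
            // URL-encode both query values so spaces and reserved characters cannot
            // break the Location header or add parameters.
            $message = "You Did Not Enter a Valid Group Id!";
            header("Location: index.php?mod=" . urlencode($mod) . "&message=" . urlencode($message));

            // Stop here like the other redirects in this file do; without it the
            // including script keeps running after the redirect header is set.
            exit;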
          }
      } // End Delete

    }
  else
    {
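      // Default view: list every group, or a single group (with its FAQs and
      // users) when $group is set.
      // NOTE(review): $mod is interpolated into a filesystem path and is not
      // validated in this file; confirm it is restricted to known module names.
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod .".tpl";

      // Initialise everything the queries and the loop build on, so that no value
      // can be inherited from the including scope (or, on old PHP with
      // register_globals, from the request). This matters most for $group_sql,
      // which is pasted into the statement verbatim.
      $group_sql = '';
      $groups_row = '0';
      $smarty_groups_array = array();

      // The group id is an auto-increment key (the create branch takes it from
      // $faqsql_insertid()), so only its integer value is allowed into SQL. One
      // of the sub-queries below uses it without quotes.
      $group_key = (int) $group;

      if($group != '')
        {
          $group_sql = " WHERE id = '$group_key' ";
          $smarty->assign("GroupView","1");
        }

      // On failure die() prints the full SQL text to the browser.
      $query_groups = "SELECT * from orbitfaq_groups $group_sql ORDER BY title ASC";
      $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

      while ($row_groups = $faqsql_fetch_array ($result_groups)){
        $groups_id = $row_groups[0];
        $groups_title = $row_groups[1];
        $groups_defaultonreg = $row_groups[2];

        // Alternate '1' / '0' per row; the first row gets '1'.
        $groups_row = ($groups_row == '1') ? '0' : '1';

        // Start each row with empty lists instead of appending to whatever an
        // earlier row (or an outer scope) left behind.
        $groups_faqs = '';
        $groups_users = '';

          if($group != '')
            {

              $query_faqs = "SELECT title FROM orbitfaq WHERE id = ANY (SELECT orbitfaq_groups_access.f_id FROM orbitfaq, orbitfaq_groups_access WHERE orbitfaq_groups_access.g_id = '$group_key' AND orbitfaq_groups_access.f_id = orbitfaq.id) ORDER BY title ASC";
              $result_faqs = $faqsql_query ($query_faqs)OR DIE( "$sql_query_error $query_faqs");

              // NOTE(review): titles and full names are joined with <br />, so the
              // template presumably prints these strings unescaped. Confirm the
              // stored values are HTML-safe, or escape each one with
              // htmlspecialchars() before appending.
              while ($row_faqs = $faqsql_fetch_array ($result_faqs)){
                $faq_title = $row_faqs[0];

                $groups_faqs .= "$faq_title<br />";

              }

              $query_users = "SELECT fullname FROM orbitfaq_users WHERE id = ANY( SELECT orbitfaq_users.id FROM orbitfaq_users, orbitfaq_users_groups WHERE orbitfaq_users_groups.g_id = $group_key AND orbitfaq_users_groups.u_id = orbitfaq_users.id ) ORDER BY fullname ASC";
              $result_users = $faqsql_query ($query_users)OR DIE( "$sql_query_error $query_users");

              while ($row_users = $faqsql_fetch_array ($result_users)){
                $users_fullname = $row_users[0];

                $groups_users .= "$users_fullname<br />";

              }

            }

         // Build Smarty Content Array
         $smarty_groups_array[] = array(
            "groups_id" => "$groups_id",
            "groups_title" => "$groups_title",
            "groups_defaultonreg" => "$groups_defaultonreg",
            "groups_users" => "$groups_users",
            "groups_faqs" => "$groups_faqs",
            "groups_row" => "$groups_row"
          );

      }

      // Send our Smarty Data
      $smarty->assign('GroupListing',$smarty_groups_array);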
    }
?>